A Guide to Digital Asset Wallets and Service Providers

Key Takeaways

• Learn the differences between custody models: self-custody, sub-custody, and hybrid approaches.
• Understand the roles of custody technology providers, subcustodians, businesses, and end-users.
• Explore three critical assessment pillars: identity of custodian, operational resiliency, and counterparty risk.
• Discover how different wallet types suit varying business use cases—from fintechs to financial institutions.

Introduction: Why Custody Model Choice Matters

As digital assets become a core part of financial and enterprise infrastructure, businesses must choose wallet solutions and service providers that align with their risk tolerance, compliance requirements, and long-term strategy.

Whether you're a fintech startup, a Web3 platform, or a traditional financial institution, understanding custody models and the service providers behind them is essential to maintaining asset control and reducing risk exposure.

This guide offers a foundational framework to help business leaders navigate wallet architecture, evaluate custody models, and select reliable wallet service providers.

Understanding the Wallet Ecosystem: Key Roles and Terminology

Digital asset wallet infrastructure often involves multiple parties, each with distinct responsibilities. Here’s a breakdown of the key terms:

• Custody Technology Service Provider: Offers software or technology to create, manage, and secure wallets, without necessarily holding assets. Example: Fireblocks
• Subcustodian: Holds and controls assets on behalf of the business or its users. Often requires licensing and assumes custody responsibilities.
• Business: Contracts with a custody technology provider or subcustodian to operate digital wallets for treasury management or retail services.
• End-User: The business's customer. Usually doesn’t have a direct relationship with the wallet provider.

Key Distinction:

• In a self-custodial setup, the business retains control over wallet keys.
• In a subcustodial model, control rests with the wallet provider.

Wallet and Custody Models Explained

There are three main types of custody setups:

Wallet Use Cases by Market Segment

Different businesses require different wallet architectures. Here’s how wallet types align with common use cases:

• Fintechs & Wallet Apps: Favor hybrid custody for balance between security and user experience.
• Exchanges & Trading Platforms: Often adopt self-custody with infrastructure providers to retain full control over funds.
• Traditional Banks & Institutions: Prefer subcustody or regulated third-party custodians due to compliance requirements.

How to Evaluate Wallet Service Providers: 3 Key Factors

To make informed decisions, businesses should assess wallet providers across these three critical areas:

1. Custodian Identity & Legal Risk Exposure

Why It Matters:

Knowing who holds the private keys—or has the authority to move assets—is crucial. Unlicensed control of third-party assets could expose your business to regulatory violations and reputational harm.

Risks of Not Knowing:

• Violation of licensing laws
• Misalignment of risk responsibility
• Unidentified counterparty exposure

What to Ask:

• Who holds the controlling key material?
• Is the custodian licensed in your jurisdiction?
• Are key responsibilities clearly defined in contracts?

2. Operational Resiliency & Cybersecurity

Why It Matters:

The wallet provider’s ability to operate securely under stress—whether cyberattacks or outages—directly impacts your access to funds and customer experience.

Risks of Weak Resiliency:

• Asset lockouts during outages
• Exploits from insider threats or hackers
• System-wide operational disruptions

What to Ask:

• Does the provider have independent certifications (e.g., ISO, SOC)?
• Are operational controls audited regularly?
• What recovery mechanisms are in place for key loss or service failure?

3. Counterparty Risk, Continuity & Asset Recovery

Why It Matters:

From insolvency to technical failures, businesses need assurance that assets can be recovered in extreme situations.

Risks from Real-World Cases:

• FTX: Custody confusion led to massive user losses.
• Celsius: Lawful insolvency delayed or denied asset recovery.
• Hacks: Weak wallet systems increase theft risk.

What to Ask:

• Does the provider offer credible asset transfer and recovery plans?
• Are controls in place to prevent misappropriation?
• Is there a tested business continuity plan in place?

Conclusion: Choosing the Right Custody Path

Selecting a digital asset wallet solution is not just about functionality—it’s about trust, control, and risk management. Whether you’re leaning toward a self-custodial MPC wallet or a subcustodial provider, be sure to evaluate:

• Who holds the keys
• How well they mitigate operational risk
• What happens in case of disaster

At Cregis, we help businesses design secure, scalable wallet strategies across the custody spectrum—from MPC self-custody to cloud-based subcustody solutions. Our architecture puts security and compliance at the center of your wallet infrastructure.